Last updated on 12 December 2022
If you are working with data from human subjects, it is essential that you determine what your privacy requirements are.
Faculty researchers are obligated to meet the requirements of the General Data Protection Regulation (GDPR) when working with personal data.
- To determine if you will be working with personal data* and what you need to do as a result, please consult the Privacy Five Step Plan
- You can find a summary of what the GDPR is and what it means for research in this two-page primer
- Additional detailed information about what privacy and the GDPR mean for VU employees can be found here
* NB: most data collected from humans is personal data. If in doubt, assume the GDPR applies to your research. In addition to the general guidance above, you can find some faculty-specific guidance for meeting your privacy requirements below:
- ICF Checklist: helps you achieve GDPR compliance in your informed consent forms
- Privacy Risk Categorizations Guide: helps you determine how sensitive your data are, which in turn will help you determine the necessary measures to protect the data
- De-identification of Data Guide: helps you make your data as non-identifiable as possible to protect your participants’ privacy